What is Spear Phishing?

Spear Phishing Attack

Unlike broader phishing attempts that blanket many users in hopes of snagging one or two, spear phishing is a precise and targeted attack on a single person that aims to persuade them to perform an action harmful to their business, organization, or government agency.

Examples

Common spear phishing attempts come from a trusted partner or executive and are very specifically targeted to certain individuals who can carry out high-value transactions.

One of the reasons spear phishing has been so effective is that it relies on the inherent lack of authentication in most internet email. As a result, it’s easy for attackers to impersonate people or companies that their targets will trust. In as many as two-thirds of these cases, attackers actually use the domain name of the impersonated entity in the “From:” field of their messages. This is known as exact-domain impersonation.

Email authentication puts a stop to that kind of attack by limiting domain use to only those senders that a domain owner has specifically authorized.

We use cookies to improve your experience on our site. By continuing to use this site or by using our services you are giving us your consent to do this. You can read more about our cookie policy here.